Compromised home devices triggered broadband outages: StarHub
The telco says the distributed denial of service (DDoS) attack was caused by a spike in illegitimate traffic from compromised devices such as video cameras and routers.
- Posted 26 Oct 2016 19:10
- Updated 27 Oct 2016 08:56
SINGAPORE: Web-connected devices bought by StarHub subscribers were the cause of the "illegitimate traffic" that resulted in the distributed denial of service (DDoS) the telco suffered twice in two days, said StarHub's chief technology officer (CTO) Mock Pak Lum on Wednesday (Oct 26).
In a media briefing, Mr Mock said affected devices such as broadband routers and webcams were responsible for the spike in Web traffic the telco saw last Saturday and Monday nights.
However, he did not disclose how many devices or IP addresses were compromised, or the exact volume of traffic its domain name system (DNS) server farms had to handle in a short space of time.
The illegitimate traffic to the DNS resulted in an overload that disrupted Web connection for "some" broadband users, Mr Mock said. "Not everyone was affected," he added, saying that some users would have gotten to their desired webpage if they had waited long enough.
As remedial action, the telco said it has increased DNS capacity by 400 per cent since Saturday, and is implementing traffic filtering and source tracing to identify where surges in Web traffic originate.
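To make the "source tracing" and "traffic filtering" described above concrete, here is an added example, not StarHub's own tooling, of the kind of analysis an operator would run over resolver query logs: bucket queries per client per second, flag clients whose peak query rate is far above the rest, group the flagged clients by access subnet for follow-up, and drop their traffic. The log format (epoch seconds, client IP, query name, query type) and the sample records are constructed for the example, using the documentation address ranges 203.0.113.0/24 and 198.51.100.0/24; the 10 qps threshold is an assumption, not a figure from the article.

```python
"""Toy DNS source tracing and filtering over resolver query logs.

Added example; the log format and the traffic figures are constructed
and are not from StarHub or the article.
"""
from collections import Counter, defaultdict
from ipaddress import ip_network


def build_sample_log():
    """Constructed resolver log covering three seconds of traffic.

    Four ordinary homes query at 1-2 qps; two compromised homes each
    fire 25 queries per second at varying names (assumed behaviour)."""
    lines = []
    base = 1477414800  # arbitrary epoch start for the sample
    normal = ["203.0.113.10", "203.0.113.11", "203.0.113.12", "203.0.113.13"]
    bots = ["198.51.100.7", "198.51.100.9"]
    for sec in range(3):
        for i, ip in enumerate(normal):
            for _ in range(1 + (i + sec) % 2):
                lines.append(f"{base + sec} {ip} www.example.com A")
        for ip in bots:
            for n in range(25):
                lines.append(f"{base + sec} {ip} host{n}.example.net A")
    return lines


def parse_line(line):
    """Split one constructed log record into (timestamp, client, qname, qtype)."""
    ts, client, qname, qtype = line.split()
    return int(ts), client, qname.lower(), qtype


def peak_qps(lines):
    """Return each client's busiest one-second bucket (queries per second)."""
    buckets = defaultdict(Counter)  # client -> Counter(second -> queries)
    for line in lines:
        ts, client, _, _ = parse_line(line)
        buckets[client][ts] += 1
    return {client: max(c.values()) for client, c in buckets.items()}


def flag_sources(peaks, threshold_qps=10):
    """Source tracing: clients whose peak rate reaches the (assumed) threshold."""
    return sorted(client for client, qps in peaks.items() if qps >= threshold_qps)


def by_prefix(clients, prefixlen=24):
    """Group flagged clients by access subnet so field teams know where to go."""
    groups = Counter()
    for client in clients:
        groups[str(ip_network(f"{client}/{prefixlen}", strict=False))] += 1
    return dict(groups)


def filter_traffic(lines, blocked):
    """Traffic filtering: drop every record from a flagged client."""
    blocked = set(blocked)
    return [line for line in lines if parse_line(line)[1] not in blocked]


if __name__ == "__main__":
    log = build_sample_log()
    peaks = peak_qps(log)
    flagged = flag_sources(peaks)
    kept = filter_traffic(log, flagged)
    print("peak qps per client:", peaks)
    print("flagged:", flagged, "by /24:", by_prefix(flagged))
    print(f"kept {len(kept)} of {len(log)} queries after filtering")
```

The fixed threshold is the weak point of this approach: a household with many devices behind one NAT address can legitimately exceed a naive limit, so an operator would tune the cut-off against the observed distribution before blocking anyone, and in production the enforcement belongs in the resolver's own per-client rate limiting rather than in a script run after the fact.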
It is also looking to deploy its technical team - HubTroopers - to subscribers identified as having compromised devices, to help them troubleshoot. This could be done at their homes or, with their permission, the devices could be taken back to StarHub for further investigation.
The CTO said his team is combing through the logs to see if the traffic spike was linked to the attack on US-based DNS provider Dyn. He noted similarities, in that compromised connected home devices were used in that attack too, but said it was too early to draw any conclusion.
He also could not say why only StarHub was attacked by the compromised devices while other Internet service providers were not affected.
StarHub is sharing information from its investigations with the Cyber Security Agency of Singapore (CSA), he added.
In the meantime, Mr Mock stressed that "everyone has a role to play in cybersecurity". "The reward is now too huge" for cybercriminals and the online threat will be "prevalent for a long time to come", the CTO said.
He suggested that consumers only get devices that are "reputable", remember to change the default passwords and set up the necessary defences such as firewalls after buying the devices.
He also cautioned against blindly opening up Web links sent from friends via emails, for instance, as this could potentially lead to malware being downloaded into the device without the user's knowledge.
DDoS ATTACKS LIKELY TO BE MORE COMMON: EXPERTS
The CSA and the Infocomm Media Development Authority (IMDA) said in a joint statement that the DDoS attacks are the first such incident against Singapore's telco infrastructure, and reiterated that they are working "closely" with StarHub to investigate the matter.
Commenting on StarHub's announcement, Mr John Lim, course manager at Nanyang Polytechnic's School of Information Technology, told Channel NewsAsia that he was not surprised that compromised embedded devices were used to stage the DDoS attacks.
He said that PCs and Macs have become much more secure today, but this is not so for devices such as webcams or routers.
"You cannot just install antivirus on these devices," Mr Lim said.
Additionally, consumers can now buy such connected devices from e-commerce sites such as Taobao, and these are often brands that are not known here, with little to no information on what defences the manufacturers have built in, he said.
With the proliferation of these Web-connected devices, Mr Lim said he "won't be surprised if there will be other similar attacks that might affect the other two telcos" in the future.
Other experts Channel NewsAsia spoke to concurred, with one pointing to the growing popularity of the Internet of Things.
"There's research done that 50 billion devices will be connected in 2020. Just imagine: 50 billion (devices) attacking your organisation," said Mr Vincent Loy, Asia Pacific Cyber & Financial Crime Leader at PwC Singapore.
Mr Loy also said that many devices are not built with security in mind.
"They were built to do a certain function; security was not part of it; they do not have password control. They do not have security control, they do not have a log in or back up. The Government and private sector need to work together to come up with a solution in coming up with security by design," Mr Loy said.
Mr Stephen Dane, a managing director at Cisco Systems (HK), pointed to the need for companies to pay more attention to security.
"It's really important to design a network and your infrastructure with high availability in mind, to ensure that not all your eggs are in one basket when it comes to protecting or providing data and holding records on behalf of customers; or in fact, having a website that's associated with just one domain name server," he said.
"It's important to build that resiliency into your infrastructure and ensure that there's high availability as much as possible, so that you are ensuring that the target is distributed as much as possible and therefore the risk is reduced," he added.
Additional reporting by Alice Chia.